Attorney Docket No. 248588007US 

Amendments to the Claims:

Following is a complete listing of the claims pending in the application, as 
amended: 

1. (Original) A method in a computing system for updating properties used 
by a subject computer system using a helper computer system, comprising: 

maintaining a set of current properties on the subject computer system; 
in the helper computer system, receiving new properties for the subject computer 
system; 

transmitting the current properties from the subject computer system to the 
helper computer system; 

in the helper computer system, 

merging the received new properties into a copy of the transmitted current
properties;

comparing the received current properties to the copy of the received 
current properties into which were merged the received new properties; 

if the received current properties to the copy of the received current 
properties differ, transmitting the copy of the current properties into which were merged 
the received new properties to the subject computer system; and 

in the subject computer system, adopting the transmitted copy of the current 
properties into which were merged the received new properties. 

2. (Original) The method of claim 1 wherein the comparing includes: 

generating a digest of each the received current properties to the copy of the 
received current properties into which were merged the received new properties; and 
comparing the generated digests. 

3. (Original) The method of claim 2 wherein the digests are generated using 
a hashing function. 

4. (Original) The method of claim 2 wherein the digests are generated using
an MD5 hashing function. 

5. (Original) The method of claim 2 wherein the merging includes: 

deleting from the copy of the current properties any properties managed by the 
helper computer system; and 

adding properties including the new properties to the copy of the current 
properties. 

6. (Original) The method of claim 5 wherein the deleting includes deleting 
properties in the copy of the current properties identified by administrative properties 
among the current properties. 

7. (Original) The method of claim 1 wherein the merging includes adding to 
the copy of the current properties administrative properties identifying other properties 
added to the copy of the current properties. 

8. (Original) A method in a computing system for remotely managing 
properties for a subject computer system, comprising: 

receiving a property update inquiry from the subject computer system, the inquiry 
indicating a time at which properties in use by the subject computer system were 
updated; 

comparing the indicated time to an update time for managed properties; 
if the indicated time is earlier than the update time, 

retrieving a copy of the existing properties used by the subject computer
system;

merging managed properties into the copy of the existing properties; and 
sending the merged properties to the subject computer system. 

9. (Original) The method of claim 8 wherein the merged properties sent to 
the subject computer system include an instruction to adopt the merged properties. 

10. (Original) The method of claim 8, further comprising comparing the
merged properties to the existing properties, and wherein the sending is only performed 
if the merged properties and the existing properties are not the same. 

11. (Currently Amended) A method in a server computer system for 
establishing a virtual private network between a first private network having a first 
security device and a second private network having a second security device, 
comprising: 

generating properties for the first security device to direct the participation of the 
first security device in the virtual private network; 

generating properties for the second security device to direct the participation of 
the second security device in the virtual private network; 

distributing the properties generated for the first security device to the first 
security device for use by the first security device to participate in the virtual private 
network; and 

distributing the properties generated for the second security device to the second 
security device for use by the second security device to participate in the virtual private 
network,

wherein the distributing includes transmitting the generated properties to the security
devices in response to inquiries from the security devices at times subsequent to the
generating.

12. (Original) The method of claim 11 wherein the properties generated for 
the first security device are distinct from the properties generated for the second 
security device. 

13. (Original) The method of claim 11 wherein the generated properties are 
adopted by both security devices to establish the virtual private network. 

14. (Canceled) 

15. (Original) The method of claim 11 wherein the distributing includes
transmitting the generated properties to the security devices in response to the 
generation of the properties. 

16. (Original) The method of claim 11, further comprising receiving a single 
set of VPN specifications in the server computer system, 

and wherein the method is performed without regard for any user input received 
subsequent to receiving the single set of VPN specifications. 

17. (Original) The method of claim 11 wherein the generation of properties for
each security device includes: 

selecting a property template; and 

populating the selected property template with information specific to the first 
private network and/or information specific to the second private network. 

18. (Original) The method of claim 11 wherein the generated properties 
include security properties relating to the protection of data traveling in the virtual private 
network. 

19. (Original) The method of claim 18 wherein the security properties specify 
encryption parameters for data traveling in the virtual private network. 

20. (Original) The method of claim 11 wherein the generated properties 
include resource properties relating to sources and destinations in the private networks 
for data traveling in the virtual private network. 

21. (Original) The method of claim 20 wherein the resource properties specify
addresses of network nodes within the private networks that may send and receive data 
traveling in the virtual private network. 

22. (Original) The method of claim 11 wherein the generated properties
include service properties relating to classes of data that may travel in the virtual private 
network. 

23. (Original) The method of claim 22 wherein the service properties specify 
network protocols for which data may travel in the virtual private network. 

24. (Original) The method of claim 11, further comprising performing the 
generating and distributing for one or more additional security devices in order to 
establish the virtual private network between more than two private networks. 

25. (Currently Amended) A computer-readable medium whose contents 
cause a server computer system to establish a virtual private network between a first 
private network having a first security device and a second private network having a 
second security device by: 

generating properties for the first security device to direct the participation of the 
first security device in the virtual private network; 

generating properties for the second security device to direct the participation of 
the second security device in the virtual private network; 

distributing the properties generated for the first security device to the first 
security device for use by the first security device to participate in the virtual private 
network; and 

distributing the properties generated for the second security device to the second 
security device for use by the second security device to participate in the virtual private 
network, 

wherein the distributing includes transmitting the generated properties to the security
devices in response to inquiries from the security devices at times subsequent to the
generating.

26. - 27. (Canceled) 

28. (Currently Amended) A method in a single manager computing system for
managing properties for a plurality of managed computer systems, comprising, 
reiteratively: 

receiving new managed properties for an identified managed computer system; 

determining whether the new managed properties received differ from those in 
use by the identified managed computer system; and 

delivering the received new managed properties to the identified managed 
computer system,

wherein the new managed properties are delivered only if it is not determined that the
new managed properties received differ from those in use by the identified managed
computer system.

29. (Original) The method of claim 28 wherein at least one of the managed 
computer systems is a dedicated network security device. 

30. (Original) The method of claim 28 wherein, for each managed computer 
system, the managed properties are a proper subset of a set properties used by the 
managed computer system, and wherein the delivering includes: 

receiving the set of properties used by the managed computer system; 

substituting for managed properties in the set of properties used by the managed 
computer system new managed properties received by the manager computer system; 
and 

conveying to the managed computer system the set of properties used by the 
managed computer system in which the new managed properties have been 
substituted. 

31. (Original) The method of claim 28, further comprising cacheing the 
received new managed properties until delivery. 

32. - 33. (Canceled) 

34. (Original) A method in a distinguished computing system for managing
properties used by the distinguished computer system in its operation, comprising: 

maintaining a first set of properties; 

receiving from a separate computing system a second set of properties; and 
using both the first set of properties and the second set of properties in the 
operation of the distinguished computing system. 

35. (Original) The method of claim 34, further comprising: 

updating one or more properties among the first set of properties at the initiation 
of the distinguished computing system; and 

using the updated properties in the operation of the distinguished computing 
system. 

36. (Original) The method of claim 34, further comprising: 

receiving one or more updated properties from the separate computing system;
and

using the updated properties in the operation of the distinguished computing 
system. 

37. (Original) The method of claim 36 wherein the updated properties specify 
the establishment of a virtual private network between the distinguished computing 
system and an additional computing system. 

38. (Original) The method of claim 34, further comprising: 

sending the first and second sets of properties as a configuration to the separate 
computing system; 

receiving from the separate computer system a replacement configuration, in 
which properties of the second set have been modified; and 

using the properties in the replacement configuration in the operation of the 
distinguished computing system. 

39. (Original) A method in a manager computing system for participating in
the management of properties used by a client computing system, comprising: 

determining that properties of the client computing system managed by the 
manager computing system should be updated; and 

instructing the client computing system to use in its operation manager-managed 
properties updated in accordance with the determination, in conjunction with properties 
of the client computing system managed by the client computing system. 

40. (Original) The method of claim 39, further comprising: 

receiving from the client computing system a client configuration comprising the 
manager-managed properties and client-managed properties in use by the client 
computing system; 

incorporating in the received client configuration the manager-managed 
properties updated in accordance with the determination to produce an updated client 
configuration; and 

returning the updated client configuration to the client computing system with an 
instruction to use the updated client configuration in the operation of the client 
computing system. 

41. (Original) The method of claim 39 wherein the updated properties specify 
the establishment of a virtual private network between the client computing system and 
an additional computing system. 

42. (Original) A system for managing properties for a distinguished computing 
system, comprising: 

the distinguished computing system, which utilizes both locally-managed 
properties and remotely-managed properties, and which manages the locally-managed 
properties; and 

a manager computing system communicatively connected to the distinguished 
computing system, which manages the remotely-managed properties. 

43. (Original) The method of claim 42 wherein the distinguished computing
system is a specialized network security device. 
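
The update round recited in claims 1 through 7, sketched as an added illustration that is not part of the application or any implementation by the applicant. The administrative property name `_managed_keys`, the canonical JSON encoding, the choice of SHA-256 (claim 4 names MD5) and all sample values are assumptions of this example.

```python
import hashlib
import json

ADMIN_KEY = "_managed_keys"  # hypothetical administrative property (claims 6-7)

def digest(props, algo="sha256"):
    """Digest of a property set over a canonical encoding (claims 2-3).
    Claim 4 names MD5; SHA-256 is this example's own choice."""
    canonical = json.dumps(props, sort_keys=True, separators=(",", ":"))
    return hashlib.new(algo, canonical.encode("utf-8")).hexdigest()

def merge(current, new_managed):
    """Helper side: merge new managed properties into a copy (claims 5-7)."""
    merged = dict(current)  # work on a copy, never the received set itself
    # Claim 6: delete the properties the administrative property identifies.
    for key in merged.pop(ADMIN_KEY, []):
        merged.pop(key, None)
    # Claim 5: add the new properties. Claim 7: record which keys were added.
    merged.update(new_managed)
    merged[ADMIN_KEY] = sorted(new_managed)
    return merged

def helper_update(received_current, new_managed):
    """Return the merged set to transmit, or None when nothing changed."""
    merged = merge(received_current, new_managed)
    if digest(merged) == digest(received_current):
        return None
    return merged

def run_round(subject, new_managed):
    """Subject transmits its properties, then adopts any reply (claim 1)."""
    reply = helper_update(subject, new_managed)
    return reply if reply is not None else subject

# Constructed sample data: one locally managed and two helper-managed properties.
SUBJECT = {"hostname": "fw-branch-1", "vpn.peer": "198.51.100.7",
           "vpn.cipher": "3des", ADMIN_KEY: ["vpn.cipher", "vpn.peer"]}
NEW = {"vpn.peer": "198.51.100.7", "vpn.cipher": "aes256"}

if __name__ == "__main__":
    adopted = run_round(SUBJECT, NEW)
    print(adopted)                      # managed keys replaced, hostname kept
    print(helper_update(adopted, NEW))  # second round: nothing to send
```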